Are saved Remote Desktop credentials secure (loosely speaking) on the local machine? They aren't stored as clear text anywhere at least, are they?

Edit: I understand the inherent risks of saving passwords. Certainly though there is a spectrum of effectiveness, for instance saving a password through something like CryptProtectData (what Google Chrome uses on Win32) is obviously better than saving a password in clear text.

3 Answers
3

Older versions of Remote Desktop client store the password in the .rdp file, which can easily be decrypted.

As of Remote Desktop Client v6, credentials are stored using Windows Credentials API. The passwords are securely encrypted using a key tied to your Windows user account (CryptProtectData as described in the SecurityXploded article @StackExchanger linked to), and accessing them requires your Windows password (or the "password recovery" disk). They can be read by any program you run, however, such as NetPass.

Note that if someone has physical access, they can crack the passwords using something like Ophcrack, or install a keylogger.

You're asking the wrong question, IMHO. If someone breaks into your machine somehow, and finds an RDP file that allows him to connect to a remote machine without providing a password, than the damage is already done. Not only that, he could use the remote session to create a new user for himself, or even change the password on the current one.

The solution is to never save passwords within the RDP file and to protect your local machine.
Oh, and based on past such experiences with MS software, I wouldn't be totally surprised if it kept the password in either plain text or lightly-hashed somewhere. Witness their treatment of wifi network passwords in Windows 7.

Thanks for the answer and the valid points. I have updated my question to clarify the angle I'm approaching this from.
–
DuckMaestroJul 7 '11 at 19:52

1

Windows 7 does not store any passwords within the RDP file, and hashing them just doesn't make sense (it needs to be decryptable when authenticating). Creating a new user normally requires Administrator rights, changing an existing password -- knowledge of the old one.
–
grawityOct 26 '11 at 17:45